Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

7.187. policycoreutils

Updated policycoreutils packages that fix several bugs and add two enhancements are now available for Red Hat Enterprise Linux 6.
The policycoreutils packages contain the policy core utilities that are required for basic operation of SELinux. These utilities include load_policy to load policies, setfiles to label file systems, newrole to switch roles, and run_init to run /etc/init.d scripts in the proper context.

Bug Fixes

BZ#816460, BZ#885527
Previously, when the policycoreutils-gui utility was used to add an SELinux policy for a socket file, policycoreutils-gui failed with a traceback. This bug has been fixed, policycoreutils-gui now succeeds, and the SELinux policy is now added in this scenario.
Due to a bug in the code, when the restorecon utility failed, it returned the success exit code. This bug has been fixed and restorecon now returns appropriate exit codes.
When multiple type accesses from the same role occurred, the audit2allow utility produced policy files that could not be parsed by the checkmodule compiler. With this update, audit2allow produces correct policy files which can be compiled by checkmodule.
The restorecond init script allows to use the "reload" operation. Previously, the usage message produced by restorecond did not mention the operation. The operation has been added to the usage message, which is now complete.
Prior to this update, the audit2allow utility produced a confusing output when one of the several processed AVCs could be allowed by a boolean, as it was not clear which AVC the message was related to. The layout of the output has been corrected and the audit2allow output no longer causes confusion.
Due to a regression, the vdsm package failed to be installed on Red Hat Enterprise Linux 6.4 if SELinux was disabled. A patch which enables the vdsm installation has been provided.


A new function to the semanage utility has been implemented. Now, the user is able to notice that a specified file context semanage command is wrong and an appropriate error message is returned.
With this update, the restorecon utility now returns a warning message for paths for which a default SELinux security context is not defined in the policy.
Users of policycoreutils are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.